Incoming mail delivery failed on SES

Question

Hi, One of the incoming mail failed delivery to our verified domain on AWS SES. The SES account is not in sandbox mode and the verified domain is able to receive emails regularly but for one instance. Below is the delivery failed message that the mail sender received while sending the email: > Delivery has failed to these recipients or groups:

@.com The email address you entered couldn't be found. Please check the recipient's email address and try to resend the message. If the problem continues, please contact your email admin. The following organization rejected your message: Inbound smtp.us-east-1.amazonaws.com > Diagnostic information for administrators:

@.com inbound-smtp.us-east-1.amazonaws.com Remote Server returned '554 5.1.1

Answer

This error message:

```
5.1.1 SMTP, 550 5.7.1 TLS required by recipient
```

---

Will be returned when the sending mail server did not start a TLS connection with the inbound SES server and the server rejected the message.
The SES Inbound receipt rule has an option for requiring or not requiring a TLS connection for inbound messages
If the require TLS option is chosen and the sender fails to negotiate the TLS connection SES will reject the message

https://docs.aws.amazon.com/ses/latest/dg/receiving-email-receipt-rules-console-walkthrough.html#receipt-rules-create-rule-settings

Reviewing the sending mail servers logs of the SMTP/TLS connection would provide insight into why the TLS connection failed and the message was attempted to be delivered without TLS

Incoming mail delivery failed on SES

Relevant content